6151 matches found
CVE-2026-41353
creationtimestamp| type| source
---|---|---
2026-04-23 22:25:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mk72koj46b2w
2026-04-23 22:26:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mk72mlk4ff2g
2026-04-23 23:27:23+00:00| seen|...
CVE-2026-33318
creationtimestamp| type| source
---|---|---
2026-04-23 20:22:56+00:00| published-proof-of-concept| https://github.com/actualbudget/actual/security/advisories/GHSA-prp4-2f49-fcgp
2026-04-24 03:56:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mk7n2kb7sz2z
2026-04-24...
CVE-2026-42606
creationtimestamp| type| source
---|---|---
2026-04-23 19:37:18+00:00| published-proof-of-concept| https://github.com/AzuraCast/AzuraCast/security/advisories/GHSA-gv7r-3mr9-h5x8
2026-05-09 21:00:11+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlh5aco5sj2e
2026-05-09...
Ajax Load More < 7.6.1 - Unauthenticated Sensitive Information Exposure
The Ajax Load More – Infinite Scroll plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.0.2. The plugin's AJAX endpoint wpajaxnoprivalmgetposts allows unauthenticated users to access non-public posts draft, private, pending, future, tras...
CVE-2026-41196
creationtimestamp| type| source
---|---|---
2026-04-23 05:18:40+00:00| seen| Telegram/x9tyUe3u3o8RRyRxn4MyOTn6X2M4g6ykuZunUy8vPfx8ng
2026-04-23 06:00:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116452493196424144
2026-04-23 06:00:35+00:00| seen|...
CVE-2026-41243
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...
CVE-2026-41243
The OpenLearn project has a vulnerability, CVE-2026-41243, where, prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, enabling safeMode does not prevent public access to unapproved posts via direct post UUID. The post-read path still returns full content to anyone who has the UUID, ev...
EUVD-2026-25164
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...
CVE-2026-41243 OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...
Openlearn Access Control Error Vulnerability
Openlearn is an open-source learning forum tool developed by Siemvk individuals. Openlearn has an access control vulnerability; this vulnerability arises from the fact that forum posts that are not reviewed when safeMode is enabled can still return complete content through the direct post reading...
PT-2026-34605
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...
EUVD-2026-22828
The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...
CVE-2026-34063
creationtimestamp| type| source
---|---|---
2026-04-22 20:16:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk4ctsttnv2h
2026-04-22 21:00:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mk4fdbxqg62g
2026-04-22 21:21:17+00:00| published-proof-of-concept|...
EUVD-2026-24702
The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
EUVD-2026-24704
The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'containerrightwidth' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-6236
The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2026-41144
creationtimestamp| type| source
---|---|---
2026-04-22 09:00:41+00:00| seen| https://bsky.app/profile/basefortify.bsky.social/post/3mk353s3ayk2c
2026-04-22 09:00:42+00:00| seen| https://bsky.app/profile/basefortify.bsky.social/post/3mk353yb4zk2c
2026-04-22 09:00:42+00:00| seen|...
CVE-2026-6236 Posts map <= 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute
The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...